Token management system

ABSTRACT

A computer system includes a token repository configured to store payment tokens, and a server system. The server system includes a processor and instructions stored in non-transitory machine-readable media, the instructions configured to cause the server system to receive a request to provision a payment token based on a financial product, wherein the request includes information related to the financial product, provision a payment token based on the token request, including authenticating the financial product based on the financial product information and generating the payment token upon authenticating the financial product, wherein the payment token is useable to make a payment via the financial product, and store the payment token in the token repository.

CROSS-REFERENCE TO RELATED APPLICATION

This application is a continuation of U.S. patent application Ser. No. 15/081,536, filed Mar. 25, 2016, which claims the benefit of priority to U.S. Provisional Patent Application No. 62/139,525, filed on Mar. 27, 2015, both of which are hereby incorporated by reference in their respective entireties.

BACKGROUND

The present disclosure relates generally to the field of tokenization. More particularly, the present disclosure relates to systems and methods for storing and managing electronic tokens.

Tokenization is often used to replace sensitive information with a non-sensitive equivalent having limited extrinsic value (i.e., an electronic token). The electronic token may then be resolved by a central entity in order to derive the sensitive information. For instance, an electronic token may be used in place of credit card information to initiate payment activity. A merchant receiving such an electronic payment token may provide the token to a central entity and receive account information for processing the payment based on the token. Along with providing improved security for electronic transactions, electronic tokens may also provide enhanced transaction efficiency, increase service transparency, and enable various third party payment methods.

Various financial networks utilize tokenization for card accounts to initiate secured payments via tokens. Upon issuing the token, the financial network may store the issued token and any associated card account information within a storage location (i.e., a token vault). However, the data structure for each storage location is not consistent and the functionality varies between financial networks. Thus, it may be difficult for the financial networks and associated financial institutions to access authorized information stored across multiple storage locations, such as to provision a token or perform token life cycle management actions. Further, storage locations supported by the financial networks may not support tokenization of non-card domains, such as demand deposit accounts (DDAs) or Automated Clearing House (ACH) transactions.

SUMMARY

One embodiment of the present disclosure relates to a computer system. The computer system includes a token repository configured to store payment tokens, and a server system. The server system includes a processor and instructions stored in non-transitory machine-readable media, the instructions configured to cause the server system to receive a request to provision a payment token based on a financial product, wherein the request includes information related to the financial product, provision a payment token based on the token request, including authenticating the financial product based on the financial product information and generating the payment token upon authenticating the financial product, wherein the payment token is useable to make a payment via the financial product, and store the payment token in the token repository.

Another embodiment of the present disclosure relates to a computer system. The computer system includes a token repository configured to store payment tokens, and a server system. The server system includes a processor and instructions stored in non-transitory machine-readable media, the instructions configured to cause the server system to receive information related to a payment token stored in the token repository, update the status of the stored payment token based on the information, and upon updating the status of the payment token, send a notification to a user of the payment token indicating that the status of the stored payment token has been updated.

Another embodiment of the present disclosure relates to a computer system. The computer system includes a token repository configured to store a payment token, and a server system. The server system includes a processor and instructions stored in non-transitory machine-readable media, the instructions configured to cause the server system to receive a request to authorize a transaction from a requesting entity, wherein the transaction was initiated based on the stored payment token, and wherein the payment token includes encrypted information related to a financial product, authorize the transaction based on the payment token and authorization rules stored in memory of the computer system, including de-tokenizing the payment token to identify the financial product information, and upon authorizing the transaction, send the financial product information to the requesting entity, wherein the financial product information is useable by the requesting party to process the transaction.

BRIEF DESCRIPTION OF THE FIGURES

The details of one or more implementations are set forth in the accompanying drawings and the description below. Other features, aspects, and advantages of the disclosure will become apparent from the description, the drawings, and the claims, in which:

FIG. 1 is a schematic diagram of a token management system, according to an example embodiment.

FIG. 2 is a schematic diagram of a token provisioning process that may be implemented using the system shown in FIG. 1 .

FIG. 3 is a schematic diagram of a token life cycle management process that may be implemented using the system shown in FIG. 1 .

FIG. 4 is a schematic diagram of another token life cycle management process that may be implemented using the system shown in FIG. 1 .

FIG. 5 is a schematic diagram of a transaction authorization process that may be implemented using the system shown in FIG. 1 .

DETAILED DESCRIPTION

Before turning to the figures which illustrate example embodiments, it should be understood that the application is not limited to the details or methodology set forth in the following description or illustrated in the figures. It should also be understood that the phraseology and terminology employed herein is for the purpose of description only and should not be regarded as limiting.

Referring generally to the Figures, a token management system is shown. The token management system includes a token vault computer system. The token vault computer system is configured to manage and store electronic tokens. The token vault computer system may also be configured to provision electronic tokens based on information provided to the token vault computer system. The token vault computer system may be configured to provision tokens (e.g., payment tokens) based on payment information (e.g., a personal account number, a credit card number, etc.) related to a customer financial product. Provisioning the payment token may include authenticating the associated financial product, determining eligibility of the financial product for tokenization, generating the token based on the provided payment information, and linking the generated token to the associated financial product. The token vault computer system may also be configured to provision tokens based on non-payment information, such as a customer address, social security number, date of birth, or any other information.

In example embodiments, the payment tokens may be utilized to facilitate payments to merchants. In example embodiments, payment tokens may be surrogate values that replace the primary account number (PAN) associated with a payment card, such as a credit card, debit card, stored value card, etc. Payment tokens may pass basic validation rules of an account number. Hence, the payment token for a credit card in many respects “looks like” a real credit card number, but in fact is only a token. As part of the token generation process, steps are taken such that the generated payment token does not have the same value as or conflict with a real primary account number (e.g., a real credit card number). Payment tokens may be provisioned to various locations for use in various types of payment scenarios, including remote storage at a merchant (e.g., a card-on-file database) for on-line transactions with the merchant, a secure storage element (“secure element”) located in a payment card for a point-of-sale transaction using the payment card, local device storage (e.g., internal memory of a mobile device) for a mobile/digital wallet transaction, and so on.

In example embodiments, to process payment transactions, a payment is processed using a payment token in lieu of a primary account number (e.g., the 16-digit account number on the front of a credit card). The merchant obtains the payment token from a customer device or from the payment card, and then submits the payment token through a payment network to a computing system associated with a card network (e.g., Visa®, MasterCard®, American Express®, Discover®, Diners Club®, etc.). The card network computing system (e.g., network association computer system) de-tokenizes the payment token to obtain the PAN, i.e., replaces the payment token for its associated PAN value based on the payment token-to-PAN mapping information stored in a token database (sometimes referred to as a “token vault”). The card network computing system then transmits the PAN to the card issuer (e.g., the customer's financial institution) for processing in a manner similar to a traditional credit card transaction. For example, the card issuer may approve the transaction, in which case the transaction with the merchant is completed and payment to the merchant is made. The token database may also maintain other information that may be used to apply restrictions or other controls during transaction processing.

In example embodiments, processing payment transactions using such payment tokens provides enhanced security in connection with the payment card transactions. The payment tokens may be limited to use, e.g., only in connection with a specific merchant or a specific channel (e.g., payment via a specific mobile wallet). For example, in the event of a data breach at a merchant, the risk of subsequent fraud is reduced because only the payment tokens are exposed instead of primary account numbers. In this example, the payment tokens are merchant-specific and therefore cannot be used at other merchants. Although the examples provided herein relate primarily to the use of payment tokens (which may be used to originate payment transactions), the systems and methods described herein may also be used with non-payment tokens (which may be used for ancillary processes, such as loyalty tracking).

The token vault computer system may also be configured to manage the life cycle of each stored token. As part of the life cycle management, the token vault computer system may be configured to activate, de-activate, suspend, resume, and expire the stored token. The token vault computer system may also be configured to authorize a transaction using the token. The token vault computer system may authorize a transaction based on the token and other information related to an associated financial product. Once authorized, the token vault computer system may de-tokenize (e.g., resolve) the token and provide account information to the requesting party in order to process the transaction.

The token vault computer system may also include a token repository for storing the tokens. The token vault computer system may automatically store tokens generated by the token vault computer system in the token repository. The token vault computer system may also receive tokens that are generated by other entities and store the third party tokens in the token repository. The token vault computer system may convert the received third party tokens to a format similar to the generated payment tokens prior to storing the third party tokens in the token repository.

Referring to FIG. 1 , token management system 100 is shown, according to an example embodiment. The token management system 100 may be used to manage electronic tokens. The electronic tokens may be or include unique identifiers that are intended to replace sensitive information. The information that is replaced by the token may include payment information related to a financial product (e.g., credit card, debit card, checking account, etc.), such as a card number, an account number, a primary account number (PAN), etc. Tokenized payment information (i.e., a payment token) may be used instead of the primary or original account information in order to initiate payment activity. The electronic tokens may also be used to replace sensitive non-payment information, such as a customer address or other personal information. The token management system 100 may be used to facilitate various services associated with the tokens, including provisioning (e.g., generating) a token, authorizing the token for use in a financial transaction, storing the token, and managing the life cycle of the token.

The token management system 100 may include, among other systems, a token vault computer system 110, a network association computer system 130, an account holder computer system 140, an account issuer computer system 150, and a merchant computer system 160. In one embodiment, the systems are each owned and operated by a separate entity. In other embodiments, two or more systems may be combined or two or more systems may be owned or operated by a single entity. The systems may communicate through network 170. The network 170 may be a single communication network configured to communicatively connect each of the systems, or the network 170 may include a plurality of networks each connecting two or more systems. The network 170 may include one or more of the Internet, a cellular network, Wi-Fi, Wi-Max, a proprietary banking network, or any other type of wired or wireless network.

The systems may each include a computer system (e.g., one or more servers each with one or more processing circuits), each of which include a processor and memory. The processors may be implemented as application specific integrated circuits (ASICs), one or more field programmable gate arrays (FPGAs), a group of processing components, or other suitable electronic processing components. The memory may be one or more devices (e.g., RAM, ROM, Flash memory, hard disk storage, etc.) for storing data and/or computer code for completing and/or facilitating the various processes described herein. The memory may be or include non-transient volatile memory, non-volatile memory, and non-transitory computer storage media. The memory may include data base components, object code components, script components, or any other type of information structure for supporting the various activities and information structures described herein. The memory may be communicably connected to the processor and include computer code or instructions for executing one or more processes described herein.

The token vault computer system 110 is configured to at least provision, store, and manage electronic tokens. The token vault computer system 110 may be provided by a financial institution, such as a bank offering a variety of financial accounts. In an example embodiment, the token vault computer system 110 is provided by the account issuer computer system 150. In some embodiments, the token vault computer system 110 is at least partially provided by the network association computer system 130, and any operations herein attributed to the token vault computer system 110 may be performed by the account issuer computer system 150 and/or network association computer system 130. The token vault computer system 110 may be configured to communicate with any of the network association computer system 130, account holder computer system 140, account issuer computer system 150, and merchant computer system 160, and may be configured to communicate with each of these systems via a separate and secure network.

It should be noted that the operations attributed to the token vault computer system 110, including the operations attributed to the token provisioning logic 112, transaction authorization logic 114, life cycle management logic 116, token inquiry logic 118, and token notification logic 120, may be performed by the network association computer system 130. including authenticating the token request, determining token eligibility, generating the token, providing terms and conditions for the token, assigning the token to an entity or financial product, and generating limited use keys for the token.

The token vault computer system 110 includes token provisioning logic 112, transaction authorization logic 114, life cycle management logic 116, token inquiry logic 118, and token notification logic 120. Such logic may be implemented in a machine (e.g., one or more networked computer servers) comprising machine-readable media having instructions stored therein which are executed by the machine to perform the operations described herein. For instance, such logic may be implemented and executed to manage electronic tokens as part of the token vault computer system 110. It should be noted that the token vault computer system 110 may be operated by the account issuer computer system 150. For instance, the account issuer computer system 150 may issue one or more financial accounts or products to an account holder, and the token vault computer system 110 may be operated by the account issuer computer system 150 and configured to manage various tokens related to those financial accounts. In other embodiments, the token vault computer system 110 may be operated separately from the account issuer computer system 150. In these embodiments, the token vault computer system 110 may be operated by a separate financial institution from the account holder and configured to provision and manage various tokens related to the financial accounts or products issued by the account issuer computer system 150.

The token provisioning logic 112 may be executed to provision a token. The token may be provisioned based on a tokenization request received at the token vault computer system 110. The tokenization request may be received from a user (i.e., an account holder, customer, etc.) of the token vault computer system 110, including via the account holder computer system 140. The tokenization request includes information that may be used to provision the token, including any data or information which is requested to be tokenized (i.e., replaced by a unique identifier). The token provisioning logic 112 is configured to tokenize payment information (i.e., account information for a financial product) and non-payment information (e.g., personal information, preferences, etc.). The tokenization request may also include information identifying the requestor or other information that may be used to authenticate the token.

The token provisioning logic 112 may provision a payment token based on payment information provided with the token request. The payment token may then be used in lieu of actual account information (i.e., information that has been tokenized) to initiate a payment from an associated financial product (e.g., credit card account, demand deposit account, line of credit, etc.). Provisioning a token based on payment information for a financial product may include authenticating the associated financial product, determining eligibility of the financial product and/or the token, generating the token, and linking the token to the financial product. The provisioned token may be intended to replace sensitive account information for the associated financial product, such as an account number, card number, or other identifying information. For instance, an account holder (i.e., the account holder computer system 140) may request a payment token from the token vault computer system 110 in order to make a payment using a customer financial product associated with the token vault computer system 110 (e.g., provided by the account issuer computer system 150).

The token provisioning logic 112 may also be configured to authenticate a tokenization request as part of the token provisioning, including authenticating an associated financial product (e.g., verifying that the financial product is associated with the account holder or other requesting party). In an example embodiment, the token vault computer system 110 receives a request from the account holder computer system 140 to provision a payment token associated with a financial product (e.g., credit card, debit card, checking account, etc.) of the account holder. In this embodiment, the token provisioning logic 112 is configured to authenticate the financial product prior to generating the payment token. The financial product may have been issued or provided by the token vault computer system 110, the account issuer computer system 150, or another financial entity. The tokenization request may include an original payment credential related to the financial product or other data that may be used by the token provisioning logic 112 to authenticate the product. The token provisioning logic 112 may also request additional information from the requesting party (e.g., the account holder) to authenticate the financial product. In other embodiments, the token provisioning logic 112 is configured to send communication to the issuer of the financial product (e.g., account issuer computer system 150) requesting an authentication confirmation. The token vault computer system 110 may also store authentication rules or other information that may be used by the token provisioning logic 112 to authenticate the financial product. Similarly, the token provisioning logic 112 may also authenticate the token requestor or any other associated entity, as well as any other (non-payment) information received as part of the request.

The token provisioning logic 112 may also be configured to determine token eligibility based on the token request, which may include whether a particular token is available for use. In an example embodiment, the provisioned token is intended to be a unique identifier for the tokenized information. In this embodiment, the token provisioning logic 112 may determine that a particular token is ineligible if an identical token has been used previously and/or if an identical token is currently active. The token provisioning logic 112 may then select a new unique identifier. The token provisioning logic 112 may also determine eligibility of the information for tokenization. For instance, the token provisioning logic 112 may determine whether a particular financial product can be tokenized to generate a payment token. For instance, the token provisioning logic 112 may be configured to determine the type of financial product (e.g., credit card, debit card, bank account, etc.) based on the request and determine token eligibility based on the type of financial product. Token eligibility may also be based on the issuing entity, the account holder, the requesting party, the type of transaction associated with a payment token, or other information that may be exchanged as part of a financial transaction. The token provisioning logic 112 may also request additional information from the requesting party in order to determine token eligibility.

In an example embodiment, the token vault computer system 110 stores eligibility rules for determining token eligibility, and the token provisioning logic 112 is configured to determine token eligibility based on the eligibility rules. The eligibility rules may be determined by the token vault computer system 110. The eligibility rules may also be determined by an issuer of a financial product, by a user providing the information, or another authorized party described herein. In other embodiments, the token provisioning logic 112 is configured to request confirmation of token eligibility from a separate entity. For instance, the token provisioning logic 112 may receive confirmation of token eligibility from the issuer of the financial product (e.g., the account issuer computer system 150).

Upon authenticating the information provided in the tokenization request and confirming token eligibility, the token provisioning logic 112 may be configured to generate the token. The token may be a unique identifier that replaces any sensitive or otherwise protected information with non-sensitive (e.g., non-financial) information. A payment token, for instance, is a non-financial identifier that replaces financial product information and may be used, pending activation, as a payment credential to initiate a payment using the financial product. The token may be unique to a particular requestor, token vault, financial product, token issuer, financial product issuer, account holder, and/or transaction. In an example embodiment, a payment token is generated based on a financial product such that the payment token does not have the same value as and does not otherwise conflict with the primary account number (PAN) associated with the financial product, or the PAN of another account holder. In some embodiments, the generated payment token is useable on a mobile device (e.g., tablet, cellular phone, smart watch, etc.) to make a payment. For instance, the payment token may be generated for use within a mobile wallet associated with one or more financial products. In these embodiments, the payment token may also be unique to the mobile device, such that a payment token is generated per card, per device, and per requestor (e.g., account holder).

The token generated by the token provisioning logic 112 may be any type of token, code, or other identifier that may be exchanged between two or more parties in order to securely transmit sensitive information. The token may be generated based on the particular requirements of the token, which may be provided by any of the parties described herein, including the token requestor. A payment token, for instance, may be a code or other identifier suitable for use as a payment credential, such as a numerical code, a barcode, a quick response (QR) code, or an RF signal. The token provisioning logic 112 may include one or more tokenization algorithms configured to generate the payment token. In an example embodiment, the payment token is a tokenized sixteen digit number. For instance, where the financial product is a credit or debit card account, the tokenized sixteen digit number may be used as a payment credential in place of the original sixteen digit number of the credit or debit card.

In one embodiment, the payment token has a unique BIN (e.g., the first four digits of the original card number), but retains the same last four digits as the original card number in order to accurately match the payment token to the account holder (i.e., the product owner). In this embodiment, the remaining numbers may be generated by the token provisioning logic 112 using various tokenization algorithms. In another embodiment, the payment token is a surrogate value for a PAN that is consistent with ISO 8583 message requirements. In this embodiment, the payment token may be a 13 to 19-digit numeric value that is compliant with basic validation rules of an account number.

The token provisioning logic 112 may also be configured to provide (e.g., retrieve) any terms and conditions associated with a generated token in response to a tokenization request. The terms and conditions may be provided to the token requestor. The token vault computer system 110 may require the requestor to consent to the terms and conditions prior to generating the payment token. The terms and conditions may be stored at the token vault computer system 110, such as being stored in the token history 124 or other memory of the token vault computer system 110. The terms and conditions may provide how a payment token may be used, for instance, such as by specifying a type or number of transactions allowed, a preferred method of payment, an expiration date for the token, or any other use restrictions. The token provisioning logic 112 may also be configured to provide graphics associated with the payment token based on the tokenization request.

The token provisioning logic 112 may also be configured to link (i.e., assign) a generated token to a particular entity or financial product. For instance, a payment token may be linked to an associated financial product such that the payment token may be re-used in a future transaction to make a payment using the same financial product. The payment token may also be linked to the financial product such that the financial product and/or the account holder must be authenticated in order to use the payment token in a transaction. The payment token may also be linked to any of the token requestor, an account holder, an associated merchant, a financial institution, or any other entity or product described herein.

The token provisioning logic 112 may also be configured to generate limited use keys (LUKs) as part of the token provisioning. For instance, the token provisioning logic 112 may generate an LUK based on the tokenization request. LUKs are payment tokens that are available for a limited use. The LUKs generated by the token provisioning logic 112 may be derived from or based on a master domain key (e.g., the payment token) that is associated with the financial product. The LUKs may be generated such that they expire or become unusable based on determined thresholds. For instance, each LUK may have a time to live (TTL) before the LUK expires and can no longer be used as a payment credential. The LUKs may also be set to expire based on a threshold transaction velocity (i.e., speed by which funds are transmitted) or a threshold number of transactions. The token vault computer system 110 may be configured to determine these thresholds based on any number of factors, including the financial product and the account holder. The token vault computer system 110 may also be configured to refresh or replenish any expired LUKs as may be necessary or desired.

In an example embodiment, the financial product relates to a payment card having an associated account number.

The transaction authorization logic 114 may be executed to authorize a transaction in which a token is used. For instance, the token vault computer system 110 may receive a payment token from a recipient of the payment token such as merchant computer system 160 in order to validate the payment token and provide payment details based on the payment token. In particular, the transaction authorization logic 114 is configured to validate the payment token based on authorization rules. For instance, the transaction authorization logic 114 may validate that the payment token was generated by the token vault computer system 110 (i.e., the token provisioning logic 112) or another issuing entity (e.g., account issuer computer system 150). The transaction authorization logic 114 may also validate the payment token by verifying that the payment token was received from the account holder computer system 140 or another entity to which the payment token was issued by the token vault computer system 110. The transaction authorization logic 114 may also validate a token based on information received with the token. For instance, the transaction authorization logic 114 may validate the token by matching a passkey (or other information) that is received with the token to similar information stored at the token vault computer system 110 and associated with the token.

The authorization rules used by the transaction authorization logic 114 may be included as part of the transaction authorization logic 114 or stored in the token vault computer system 110 (e.g., in token history 124) and retrieved by the transaction authorization logic 114 to validate the payment token and authorize the transaction. The authorization rules may be determined by the token vault computer system 110. For instance, the authorization rules may be generated based on the payment token by the token provisioning logic 112 when the payment token is generated. The authorization rules may also be based on the financial product, the account holder, or any other information related to the payment token and described herein. The authorization rules may also be received and stored by the token vault computer system 110 from another entity, such as the issuer of the financial product where the issuer is an entity other than the token vault computer system 110. For instance, the transaction authorization logic 114 may be configured to request the authorization rules from an issuing entity upon receiving the payment token from a party requesting authorization.

The transaction authorization logic 114 may be configured to de-tokenize a payment token during authorization of the transaction. For instance, the transaction authorization logic 114 may de-tokenize the payment token to determine a primary account number (PAN) or other original account information upon validating the payment token. The transaction authorization logic 114 may then provide the de-tokenized original account information to the entity requesting the authorization, such as the merchant computer system 160 or the network association computer system 130, so that the requesting entity may proceed with processing the transaction. The transaction authorization logic 114 may be configured to encrypt the original account information prior to prevent unwanted use of the original account information. In other embodiments, such as where the token vault computer system 110 is the issuer of the financial product, the token vault computer system 110 may process the transaction based on the original account information derived from the payment token.

The life cycle management logic 116 may be executed to perform various actions related to the life cycle of the token. The actions may transition the token through various states of the token life cycle. For instance, the life cycle management logic 116 may be configured to activate, de-activate, suspend, resume, update, or expire the token once the token is provisioned. The life cycle management logic 116 may be configured to perform any of these actions in response to a request from the token requestor or the owner of the token (i.e., an account holder), or a party to the transaction having the necessary authorization. When the token is updated or a life cycle action is performed in response to a request, the life cycle management logic 116 may be configured to send confirmation of the update to the party requesting the update. The life cycle management logic 116 may also be configured to automatically perform any of the actions described herein, such as in response to another event or action. The life cycle management logic 116 is configured to send a notification to the token requestor (e.g., the account holder) when the payment token is updated or a life cycle action is performed based on a non-request action or event. The token may be stored in the token repository 122 and all actions performed by the life cycle management logic 116 may be performed at the token repository 122. All actions performed by the life cycle management logic 116 and all changes to the token may be recorded and stored at the token history 124.

The life cycle management logic 116 may also be configured to activate the token. The token vault computer system 110 may be configured to provide token-related information in exchange for the activated token. For instance, once provisioned, a payment token may require activation so that the payment token is useable to make a payment. The token vault computer system 110 may accept the activated payment token in exchange for payment information required to process a payment. In some embodiments, the token may also be automatically activated by the token provisioning logic 112 upon provisioning the token. Once the payment token is activated, the life cycle management logic 116 may also be configured to de-activate the payment token such that the payment token is no longer useable for making a payment. A token may be permanently or temporarily de-activated. When the token is de-activated, the token may not be useable to receive token-related information from the token vault computer system 110. For instance, the life cycle management logic 116 may be used to temporarily de-activate (i.e., suspend) a token. The life cycle management logic 116 is also configured to re-activate (i.e., resume) a suspended token. When re-activated, a payment token, for instance, is again active and may be used to make a payment. The life cycle management logic 116 is also configured to expire the token. The token may be expired based on various event or time-based thresholds, such as a number of uses, or a time since provisioning or after first use. The token may be expired based on a preference of the account holder, for instance. When the token is expired, the life cycle management logic 116 may renew the payment token or the payment token may be de-activated.

The life cycle management logic 116 is also configured to update the token, which may include updating any information associated with the token. For instance, the life cycle management logic 116 may be configured to update a payment token by updating the payment information on which the payment token is based. The payment token may also be updated to be associated with a new or additional financial product. Updating the token may also include replacing the token with a new token. For instance, the token may be updated with a new token after each use (e.g., after a payment is made using a payment token, after information is provided). Updating the payment token may also include updating the token expiration date. The life cycle management logic 116 may be configured to update the expiration date of the payment token based on use of the payment token or another event. Updating the payment token may also include performing any of the actions described herein in relation to the life cycle management logic 116.

The token inquiry logic 118 may be executed to process an inquiry related to the payment token. The token inquiry logic 118 is configured to provide an appropriate response to the inquiry. The inquiry may be received at the token vault computer system 110 from any of the network association computer system 130, the account holder computer system 140, the account issuer computer system 150, and the merchant computer system 160, any of which may be the token requestor or a holder of the payment token. The inquiry may be related to the current state of the payment token (e.g., active, expired, suspended, etc.). The inquiry may be related to a specific payment token or the inquiry may be a batch based on at least one of an account number or financial product (e.g., PAN), a token (e.g., TPAN), or an associated device. A batch inquiry may return information for each payment token having the provided characteristics. The token inquiry logic 118 is configured to receive the inquiry and search the token repository 122 for relevant payment tokens based on the inquiry. The token inquiry logic 118 then sends information related to the selected payment tokens (e.g., a current state) to the requesting party in response to the inquiry. The token inquiry logic 118 may request authenticating information from the requesting party prior to processing the inquiry. The token inquiry logic 118 may validate or authenticate the request based on information within the relevant payment token(s). In some embodiments, all actions described in relation to the token inquiry logic 118 may otherwise be performed, in whole or in part, by the token provisioning logic 112 and/or the life cycle management logic 116.

The token notification logic 120 may be executed to provide a notification related to a payment token. The token notification logic 120 may be configured to provide the same information as described in relation to the token inquiry logic 118, but the token notification logic 120 may provide the information in response to an action or event rather than a request. For instance, when the life cycle management logic 116 de-activates a payment token, the token notification logic 120 may send a notification to a relevant entity (e.g., a token requestor, an account holder, etc.) notifying the entity that the status of the payment token has changed. The token notification logic 120 may receive confirmation from the notified entity that the notification has been received. Any information related to the token notification logic 120 may be stored in the token history 124.

The token vault computer system 110 also includes token repository 122. The token repository 122 may include a storage system or other memory configured to receive and store payment tokens. Once a payment token is provisioned, the payment token may be stored in the token repository 122. The token repository 122 may be held by a financial institution and configured to store all payment tokens associated with the financial institution. In an example embodiment, the same financial institution provides the token vault computer system 110, including the logic described above, as well as the token repository 122 and the token history 124. The same financial institution may provide the financial product associated with the payment tokens stored in the repository 122.

The token repository 122 may be configured to store each payment token throughout the life cycle of the payment token. The payment tokens stored in the repository 122 may be generated by the token vault computer system 110 or generated elsewhere and converted by the token vault computer system 110 to match one or more characteristics of the generated payment tokens (i.e., payment tokens generated by the token provisioning logic 112). For instance, payment tokens that are not generated by the token vault computer system 110 may be converted such that all payment tokens stored within the repository 122 may be similarly searched (e.g., by token inquiry logic 118) in response to an inquiry.

The token vault computer system 110 also includes token history 124. The token history 124 includes memory configured to store information related to the payment tokens held by the token repository 122. The token history 124 may be stored in the token repository 122. The token history 124 includes a history of actions that are related to any payment tokens that have been stored in the token repository 122 or provisioned by the token provisioning logic 112. For instance, the token history 124 may include life cycle information for each of the stored payment tokens. The token history 124 may be used for responding to an inquiry, such as to determine a current state of a particular payment token. The token history 124 may also be utilized by the token provisioning logic 112 in generating a payment token. For instance, the token provisioning logic 112 may determine whether a particular payment token is unique based on information found within the token history 124.

Referring now to FIG. 2 , a process 200 is shown for provisioning a token, according to an example embodiment. The process 200 may be performed using the token vault computer system 110 shown in FIG. 1 . In particular, the process 200 may be performed using the token provisioning logic 112 of the token vault computer system 110, which is described in further detail herein. The process 200 may include authenticating the tokenization request, including a financial product to be associated with the token, determining token eligibility, generating the token, and/or linking the token to a financial product for future use. The process 200 may also include activating the token for use as part of a transaction and storing the token in the token repository 122. The process 200 is shown in FIG. 2 and described below as being used to provision a payment token based on payment information related to a financial product. However, the process 200 may also be used to provision a token based on other information that is received with a tokenization request, including non-payment information such as a customer shipping address, a social security number or other personal identifier, and other sensitive information that may be required to be securely exchanged between two or more parties.

At 202, a token requestor sends a request for a payment token to be provisioned based on a financial product. The token request may also include a request for terms and conditions related to the payment token and visual graphics for reading or displaying the payment token. The token request may include additional information that may be used to provision the payment token. The additional information may include identifying information that may be used to authenticate any of the requesting device, the token requestor, the account holder, and the financial product. In an example embodiment, the token request includes at least identifying information for the token requestor (e.g., a requestor ID) and a requesting device (i.e., device information). The token request may also any other information that is necessary or useful to provision the payment token, including to authenticate the token request and generate the payment token based on the financial product.

In an example embodiment, the token requestor is a merchant such as the merchant computer system 160. For instance, the merchant computer system 160 may send the request for the payment token in response to an account holder (i.e., the account holder computer system 140) initiating an online transaction with the merchant computer system 160. The merchant computer system 160 may receive identifying information from an account holder (i.e., user of the financial product) and send the identifying information with the token request for use in provisioning the payment token. The merchant computer system 160 may then receive the payment token based on the financial product and process the transaction without receiving sensitive account information from the account holder. In other embodiments, the token requestor may be the account holder computer system 140, the account issuer computer system 150, the network association computer system 130, or another entity related to the financial product or an associated transaction. In one embodiment, the token requestor may be a mobile wallet stored on a mobile device of the account holder. When the account holder (i.e., the user of the mobile device) adds a financial product to the mobile wallet or initiates a payment using the mobile wallet, the mobile device may send a token request to provision a payment token based on the financial product. The payment token may then be used by the mobile device to make a payment using the mobile wallet.

In the example embodiment, the token request is sent to the network association computer system 130. The network association computer system 130 may be provided by a network association (e.g., card association), which may be a network of issuing banks and acquiring banks that process payment cards of a specific brand. In the example embodiment, the network association computer system 130 is associated with the financial product being tokenized. For instance, the financial product may be a type of payment card that is processed by the network association. The token requestor may identify the network association and send the token request to the network association computer system 130 based on the financial product. In other embodiments, such as when the financial product is not associated with a particular network association, the token requestor may send the token request directly to the token vault computer system 110 to provision the payment token.

At 204, the network association computer system 130 sends the token request to the token vault computer system 110. The token request may be sent to the token vault computer system 110 based on the financial product. For instance, the token vault computer system 110 may be provided by a financial institution that provides the financial product associated with the token request. The token request may also be sent to the token vault computer system 110 based on the account holder. For instance, the account holder of the financial product may be a customer of the financial institution providing the token vault computer system 110. The account holder may also have other payment tokens stored at the token vault computer system 110.

At 206, the token vault computer system 110 (i.e., the token provisioning logic 112) determines the terms and conditions and the graphics associated with the payment token. The terms and conditions may specify how the payment token may be used to make a payment, storage procedures and security measures associated with the payment token, an expiration period for the payment token, and other terms and conditions that may be provided to the token requestor prior to or upon providing the generated payment token. The terms and conditions may be defined at the token vault computer system 110, such as by the token provisioning logic 112. The terms and conditions may be defined based on the financial product or based on any other information provided along with the token request.

The graphics associated with the payment token may include information related to how the payment token will be displayed. For instance, the payment token may be displayable (e.g., via a mobile device) in order to scan the payment token at a merchant point of sale device and initiate a payment. The graphics information may specify a mode of display for the payment token and may also include data or software required to display or otherwise manipulate the payment token. Similar to the terms and conditions, the graphics configuration may be defined at the token vault computer system 110, such as by the token provisioning logic 112.

At 208, the terms and conditions and graphics information are sent by the token vault computer system 110 to the network association computer system 130. At 210, the terms and conditions and graphics information are sent by the network association computer system 130 to the token requestor (i.e., the merchant computer system 160). In other embodiments, the terms and conditions and graphics information may be sent from the token vault computer system 110 directly to the token requestor. In an example embodiment, the terms and conditions for the payment token are provided to the token requestor prior to generating or providing the payment token. In this embodiment, the token requestor may be required to accept the associated terms and conditions prior to the payment token being generated or provided to the token requestor. The graphics information may also be provided to the token requestor prior to generating the payment token so that the token requestor may first confirm the ability to display the payment token having the provided graphics configuration. In other embodiments, the terms and conditions and graphics information may be provided upon providing the payment token to the token requestor.

At 212, the token vault computer system 110 (i.e., the token provisioning logic 112) determines token eligibility, which may include eligibility of the financial product for tokenization. The token vault computer system 110 may also authenticate the financial product. The token vault computer system 110 may determine eligibility of the token based on tokens that have been provisioned or are currently active. The token vault computer system 110 determines eligibility of the financial product for tokenization based on eligibility rules, which may be stored at the token vault computer system 110 (e.g., token repository 122, token history 124). The eligibility rules may be based on the particular financial product, the account holder, the token requestor, an expected use of the payment token, or any other information received as part of the token request or otherwise known. The eligibility rules may include a table that includes all financial products issued and associated with the token vault computer system 110. The table may provide an indication of whether a particular financial product is eligible for tokenization. The token provisioning logic 112 may be configured to determine eligibility by searching the table for the selected financial product based on any identifying information provided within the token request.

The token vault computer system 110 may also determine the eligibility of the financial product for tokenization by sending a request to the account issuer computer system 150. In an example embodiment, the request for an eligibility determination is sent to the account issuer computer system 150 at 212. In this embodiment, the account issuer computer system 150 may be the issuer of the financial product and may store eligibility rules specifying which of the financial products issued by the account issuer computer system 150 are eligible for tokenization. At 214, the account issuer computer system 150 may provide a determination of eligibility to the token vault computer system 110.

The token vault computer system 110 may also authenticate the payment token at 212. For instance, the token request may include an original payment credential related to the financial product or other data that may be used by the token provisioning logic 112 to authenticate the product. The token provisioning logic 112 may also request additional information from the token requestor to authenticate the financial product. In an example embodiment, the token vault computer system 110 stores authentication rules or other information that may be used to authenticate the financial product. In other embodiments, the token provisioning logic 112 is configured to send identifying information from the token request to the issuer of the financial product (e.g., account issuer computer system 150) and receive an authentication confirmation in response.

At 216, the token vault computer system 110 (i.e., token provisioning logic 112) is configured to filter the information within the token request. For instance, in some embodiments the payment token may include the name of a requesting device or a device storing an associated mobile wallet. The name may be encrypted within the payment token when the payment token is generated. In these embodiments, the token vault computer system 110 may be configured to filter any offensive words or characters from the device name so that the offensive characters are not received or interpreted by an entity receiving the payment token. The token vault computer system 110 may also be configured to filter any other offensive terms or characters that are to be included within the payment token. The filter settings may be determined by the token vault computer system 110 based on stored settings. The filter settings may also be determined based on inputs received from any of the entities in system 100. For instance, the merchant computer system 160 or the network association computer system 130 may specify any words or characters that should be filtered from the payment token.

At 218, the token vault computer system 110 (i.e., token provisioning logic 112) is configured to generate the payment token. The payment token may be generated after authenticating the financial product and determining that the financial product is eligible for tokenization. The payment token may be generated according to any coding convention described herein. The payment token may include any of the information described herein and related to the financial product, including any information received in the token request. Any information stored within the payment token may be encrypted by the token provisioning logic 112. The token requestor or another entity authorized to receive the encrypted information may be provided with a key or other information for decrypting the encrypted information. In one embodiment, the token provisioning logic 112 is also configured to activate the payment token upon generating the payment token.

At 220, the token vault computer system 110 may also be configured to generate limited use keys (LUKs). The token provisioning logic 112 may be configured to generate one or more LUKs based on the token request. The LUKs may be generated such that they expire or become unusable based on determined thresholds. For instance, each LUK may be configured to expire based on a set time period for expiration or based on a threshold transaction velocity (i.e., speed by which funds are transmitted) or number of transactions. The token vault computer system 110 may be configured to determine these thresholds based on any number of factors, including based on the financial product, the account issuer, the account holder, and an expected use for the payment token. The token vault computer system 110 may store settings, including expiration thresholds, for the LUKs at the token repository 122 and/or the token history 124.

At 222, the token vault computer system 110 (i.e., the token provisioning logic 112) may provide a notification to the account holder computer system 140. The notification may include information related to the payment token, such as any information found within the token request. The notification may also provide information related to generation of the payment token, including when the payment token was generated and/or activated, the associated financial product, the token requestor, the terms and conditions, any eligibility determination or authentication performed for the payment token, any LUKs that were generated based on the payment token or the token request, or any other information received or generated by the token vault computer system 110. The token provisioning logic 112 may provide the notification to the account holder computer system 140 and require confirmation by the account holder (i.e., system 140) prior to generating the payment token. The token provisioning logic 112 may also provide the notification when the payment token is generated and/or sent to another entity. In one embodiment, the same notification may be provided by the token notification logic 120.

At 224, the token vault computer system 110 may send the generated payment token to the network association computer system 130 (e.g., if the payment token is not generated by the system 130). However, in embodiments in which the network association computer system 130 generates the payment token, step 224 is not required. At 226, the network association computer system 130 sends the payment token to the token requester (i.e., the merchant computer system 160). In other embodiments, the token vault computer system 110 may send the generated payment token directly to the token requestor. Along with the payment token, the token vault computer system 110 may also send any associated terms and conditions, any graphics information for reading or displaying the payment token, and any LUKs that were generated with the payment token. In an example embodiment, the payment token has been activated and is available for use in making a payment.

As referenced above, the process 200 may also be utilized to provision a token based on non-payment information (e.g., to tokenize non-payment information). Any description herein related to the provisioning of payment tokens may be applied accordingly to the provisioning of tokens for non-payment information (i.e., non-payment tokens). Payment information may refer to information that may be used to initiate a process a payment, such as an account number, a card number, a routing number, and the like. Non-payment information refers to any information that is not payment information, and may particularly include personal information of an account holder such as address information (e.g., a shipping address for purchases), personal identification numbers (e.g., social security number, driver's license number, etc.), and other personal identifying information.

The token provisioning logic 112 and the process 200 may be utilized to provision a token based on any non-payment information so that the non-payment information may be securely transmitted between two or more parties. For instance, an account holder (i.e., the account holder computer system 140) may store at the token vault computer system 110 one or more non-payment tokens based on various non-payment information. The account holder may then provide the one of the non-payment tokens to a merchant (i.e., the merchant computer system 160). The merchant may then provide the non-payment token to the token vault computer system 110 in exchange for the de-tokenized (e.g., decrypted) non-payment information. The account holder may continue to update the stored token at the single-location token vault computer system 110 so that any third parties that have been provided the token are able to obtain the updated non-payment information without further communication by the account holder to any individual merchants or other parties.

In an example embodiment, an account holder may want for a merchant (i.e., the merchant computer system 160) to have access to the account holder's current shipping address at any time. The account holder may send a tokenization request to the token vault computer system 110 to request that the account holder's shipping address be tokenized. Once the token is provisioned, the account holder may then provide the token to the merchant. The merchant may then provide the token to the token vault computer system 110 in exchange for the account holder's current shipping address (or verification of the shipping address). By providing the token to the merchant, the account holder authorizes the merchant to obtain the account holder's shipping address and any other information related to the token. The tokens and the associated information are stored at the token vault computer system 110. The merchant stores only the token rather than having to store the related information.

The account holder may also request that the token be updated to change the shipping address or make additional information available to the merchant. Additional information may include a title of ownership, insurance information, personal identifying information, records of past transactions with the merchant, payment schedules, celebrated birthdays and holidays, upcoming transactions, and other information that may be useful to the merchant. The token vault computer system 110 is configured to manage the token, including updating the token according to requests received from the account holder. The merchant may request current information using the token at any time. The token vault computer system 110 may provide or verify the current information to the merchant in exchange for the token and/or additional value. The merchant may continually update the files and data attributes of its customer (i.e., the account holder) using the non-payment token.

The token vault computer system 110 is configured to store various preferences related to the tokens. For instance, the account holder may provide preferences related to each individual merchant that is provided with the token. For instance, the token vault computer system 110 may store for each token (a) the merchant(s) that have received the token and those that are allowed to have/use the token, (b) contract provisions that govern how the merchant is allowed to use the token and the related information, (c) attributes and/or rules regarding the specific data fields of the account holder that the merchant is allowed to retrieve when presenting the token to the token vault computer system 110, (d) rules regarding when access is revocable (e.g., access expires after 90 days), and (e) specific transaction use cases.

In another example embodiment, an account holder may securely provide sensitive information to an intended party via an intermediary. For instance, the account holder may be required to provide personal identifying information (e.g., a social security number) to an intermediary in order to obtain a background check or credit check, apply for a loan, apply to rent an apartment, and the like. The token vault computer system 110 may tokenize the personal identifying information at the request of the account holder. The account holder may then provide the provisioned token to the intermediary to provide to the intended party (e.g., a credit agency, a police department, a loan officer, etc.). The account holder may also update the preferences for the provisioned token so that the intended party, and not the intermediary, is provided access to the tokenized personal identifying information in exchange for the token. The token vault computer system 110 may then provide the personal identifying information to only the intended party, and not the intermediary, based on the preferences of the account holder. The token vault computer system 110 may require additional information to verify the identity of the intended party prior to releasing the personal identifying information. In this way, the token vault computer system 110 ensures that the intermediary does not have access to the sensitive information.

The token vault computer system 110 may also be configured to group certain non-payment information according to intended use. For instance, the token vault computer system 110 may automatically generate non-payment tokens based on information that is required when purchasing a car, when purchasing a home, when applying for college, when applying for rental housing, etc. The account holder may then provide these non-payment tokens to a third party, depending on the particular application, to more quickly and efficiently provide any required information.

Referring now to FIG. 3 , a process 300 is shown for updating a payment token, according to an example embodiment. The process 300 may be performed using the token vault computer system 110 shown in FIG. 1 . In particular, the process 300 may be performed using the life cycle management logic 116 of the token vault computer system 110. In an example embodiment, the process 300 is performed after the process 200 is performed to provision the payment token. At 302, a request is received at the token vault computer system 110 to update a payment token. The request may include information for identifying the payment token, including information related to an account holder, an associated financial product, or any information otherwise associated with the financial product. The token vault computer system 110 (i.e., the life cycle management logic 116) may be configured to authenticate the update request based on the information received. The token vault computer system 110 may also request additional information from the entity requesting an update and authenticate the update request based on the additional information. For instance, the token vault computer system 110 may be configured to request identifying information or other credentials from any entity requesting an update to a payment token.

In an example embodiment, the token vault computer system 110 receives an update request from the account issuer computer system 150. The update request is related to a payment token associated with a financial product issued by the account issuer computer system 150. At 304, the token vault computer system 110 is configured to update the payment token based on the update request. For instance, the token vault computer system 110 may receive the update request from the account issuer computer system 150 and determines an appropriate update for the payment token based on the request. As an example, the update request may indicate that the account holder has closed the credit card account (i.e., financial product) associated with the payment token. In this embodiment, the life cycle management logic 116 is configured to permanently de-activate the payment token. The life cycle management logic 116 may also be configured to suspend a payment token upon receiving an indication that the account holder is past due on a payment. In other embodiments, the token vault computer system 110 is configured to update the payment token absent an update request. In these embodiments, the life cycle management logic 116 may update the payment token based on an event or action determined by the token vault computer system 110. For example, the life cycle management logic 116 may expire a payment token based on exceeding a time threshold associated with the payment token.

Although the updates described herein are related to the life cycle of the payment token, at 304 the token vault computer system 110 may also be configured to otherwise update the payment token based on an inquiry. For instance, the token vault computer system 110 may receive an inquiry (e.g., from the account issuer computer system 150) of a payment token and update the payment token to indicate that the inquiry was received. The token vault computer system 110 may also provide information to the account issuer computer system 150 and/or another entity of system 100 based on the inquiry. Any information related to the payment token updates may be stored in the token history 124.

At 306, the token vault computer system 110 is configured to generate and send a notification to the account holder computer system 140. The notification may provide an indication that the payment token has been updated. The notification may be sent to the account holder based on settings related to the payment token and/or the account holder. For instance, the token vault computer system 110 may generate notification settings for each payment token and/or account holder. The notification settings may be generated based on the token request (i.e., when the payment token is provisioned). The notification settings may also be modified based on input received from the account holder. In some embodiments, the token vault computer system 110 may only send notifications to the account holder based on specified updates, such as when the payment token is de-activated or expired. The token vault computer system 110 may send the notification to a mobile device of the account holder, such as when the mobile device is associated with the payment token. In one embodiment, the notification may be sent using the token notification logic 120.

At 308, the token vault computer system 110 is configured to send a notification to the network association computer system 130. The token vault computer system 110 may identify the appropriate network association based on the payment token. The notification is based on the payment token and may provide an indication that the payment token has been updated. The notification sent to system 130 may be the same or similar to the notification sent to system 140. The notification may be sent to the network association computer system 130 based on settings related to the payment token and/or the network association. At 310, the network association computer system 130 delivers the notification to the merchant computer system 160. The network association computer system 130 may identify the merchant computer system 160 based on the payment token, including based on settings related to the payment token and stored at the token vault computer system 110. In other embodiments, the token vault computer system 110 sends the notification directly to the merchant computer system 160. In these embodiments, the token vault computer system 110 is configured to identify the merchant computer system 160 based on the payment token.

At 312, the merchant computer system 160 sends a confirmation to the network association computer system 130 that the notification has been received. At 314, the network association computer system 130 delivers the confirmation to the token vault computer system 110. In other embodiments, the token vault computer system 110 may receive the confirmation directly from the merchant computer system 160. The merchant computer system 160 may identify the network association computer system 130 and/or the token vault computer system 110 based on the notification and/or based on information stored on the payment token. Similarly, the network association computer system 130 may identify the token vault computer system 110 based on the notification and/or the payment token. At 316, the token vault computer system 110 stores the confirmation received from the merchant computer system 160. The confirmation may be stored in the token history 124. The token vault computer system 110 may also store a confirmation received from the account holder computer system 140 in the token history 124.

Referring now to FIG. 4 , another process 400 is shown for updating a payment token, according to an example embodiment. The process 400 may be performed using the token vault computer system 110 shown in FIG. 1 . In particular, the process 400 may be performed using the life cycle management logic 116 of the token vault computer system 110. At 402, the token requestor (e.g., the merchant computer system 160) sends a request to the network association computer system 130 to update a payment token. At 404, the network association computer system 130 delivers the request to the token vault computer system 110. In other embodiments, the merchant computer system 160 may send the update request directly to the token vault computer system 110.

The payment token may be associated with the token vault computer system 110. In one embodiment, the payment token was provisioned by the token vault computer system 110. The payment token is also stored at the token vault computer system 110. The merchant computer system 160 may identify the network association computer system 130 and/or the token vault computer system 110 based on the payment token. Likewise, the network association computer system 130 may identify the token vault computer system 110 based on the payment token. For instance, an identity of any or all of the systems 110, 130, and 160 may be included within the payment token and any or all of the systems 110, 130, and 160 may be configured to at least partially decrypt the payment token to determine the identity.

The update request may include information related to the payment token, including a reason for updating the payment token. For instance, the update request may include one or more transactions performed using the payment token. The update request may also include an update related to the financial product associated with the payment token, such as a new account number or expiration date for the financial product. The update request may also include a new account holder for the financial product. At 306, the token vault computer system 110 is configured to update the payment token based on the update request. The token vault computer system 110 may update the status of the payment token, such as by activating, suspending, resuming, de-activating, or expiring the payment token based on the update request. The token vault computer system 110 may be configured to authenticate the update request based on the information received within the update request. For instance, the token vault computer system 110 may require authenticating credentials to be included within the update request in order to process the update.

At 408, the token vault computer system 110 stores the update request and any related information in the token history 124. The token vault computer system 110 may also store the updated payment token in the token repository 122. At 410, the token vault computer system 110 sends a response (e.g., confirmation) to the network association computer system 130, indicating that the payment token has been updated. The token vault computer system 110 may also send the updated payment token to the system 130 as part of the response. At 412, the network association computer system 130 delivers the response to the merchant computer system 160. In other embodiments, the token vault computer system 110 may deliver the response directly to the merchant computer system 160. Where the token requestor is not the account holder (i.e., account holder computer system 140), the token vault computer system 110 may also send a notification to the account holder computer system 140 indicating that the payment token has been updated.

In an example embodiment, the account holder may send a tokenization request to the token vault computer system 110 for a payment token related to a financial product of the account holder. The payment token provisioned by the computer system 110 may then be provided to online merchants rather than providing credit card information or other payment information. The online merchants may then be required to provide the payment token to the token vault computer system 110 to initiate a payment. The token vault computer system 110 is configured to authorize the transaction based on preferences provided by the account holder. The token vault computer system 110 also tracks every transaction and stores any related information for use by the account holder. The token vault computer system 110 also maintains a record of any data or information that is provided to the online merchants. The token vault computer system 110 may also report to the account holder any online merchants that have the account holder's payment information and/or payment token. The account holder may the restrict use based on the user preferences stored at the token vault computer system 110. The account holder may also delete or disable any payment tokens

The token vault computer system 110 may also provide an interface to the account holder for managing the stored tokens. In an example embodiment, the account holder accesses the token vault computer system 110 via an online interface or a mobile application. The account holder is able to request that a token be provisioned and manage any existing tokens stored at the token vault computer system 110 using the mobile application. The account holder may also adjust various user preferences related to the tokens using the mobile application.

The token vault computer system 110 may also be configured to collect data based on provisioned tokens and tokens that are provided to third parties. For instance, the token vault computer system 110 could provide a map showing geographic or virtual locations where the account holder has provided a token or where a token has been used. The token vault computer system 110 could also mine additional data related to the payment tokens, including purchases, preferences, and other transaction data that could be used to provide additional services and targeted products to the account holder.

Referring now to FIG. 5 , a process 500 is shown for authorizing a payment token as part of a financial transaction, according to an example embodiment. The process 500 may be at least partially performed using the token vault computer system 110 shown in FIG. 1 . In particular, the process 500 may be at least partially performed using the transaction authorization logic 114 of the token vault computer system 110. At 502, an account holder (i.e., account holder computer system 140) sends a payment token to a merchant (i.e., merchant computer system 160) to initiate a transaction. For instance, one of the account holder and the merchant may scan the payment token from a device of the other of the account holder and the merchant in order to send the payment token to the merchant computer system 160. The payment token may include a cryptogram (i.e., encrypted data) for account information that may be useable by the merchant computer system 160 to process the transaction once the cryptogram is decrypted.

At 504, the merchant computer system 160 sends the payment token to the network association computer system 130 based on the payment token. The payment token may include identifying information for the network association computer system 130 that is readable by the merchant computer system 160. In one embodiment, the merchant computer system 160 is configured to decrypt at least a portion of the payment token to identify the network association computer system 130. For instance, the merchant computer system 160 may be provided with a decryption key (e.g., by the token vault computer system 110, by the account holder computer system 140, etc.) in order to identify an appropriate entity to send the payment token for authorization.

At 506, the network association computer system 130 delivers the payment token to the token vault computer system 110 based on the payment token. Similarly, the payment token may include identifying information for the token vault computer system 110 that is readable by the network association computer system 130. In one embodiment, the network association computer system 130 is configured to decrypt at least a portion of the payment token to identify the token vault computer system 110. For instance, the network association computer system 130 may be provided with a decryption key (e.g., by the token vault computer system 110, by the account holder computer system 140, etc.) in order to identify an appropriate entity to send the payment token for authorization. In another embodiment, the merchant computer system 160 delivers the payment token directly to the token vault computer system 110 based on the payment token. In this embodiment, the merchant computer system 160 may be configured to identify the token vault computer system 110 based on the payment token.

At 508, the token vault computer system 110 authenticates the payment token. The token vault computer system 110 may authenticate the payment token by validating encrypted data (i.e., a cryptogram) stored within the payment token. For instance, the token vault computer system 110 may authenticate the payment token by verifying that the payment token was provisioned by the token vault computer system 110. The payment token may also be authenticated by verifying that the payment token was received from the account holder computer system 140. The payment token may also be authenticated by verifying any other information stored as a cryptogram within the payment token, such as account holder information, information related to the associated financial product, provisioning data, or by matching any other data stored on the payment token with data stored at the token vault computer system 110 (e.g., token history 124). As part of authenticating the payment token, the token vault computer system 110 may decrypt the payment token to reveal account information necessary to process the transaction.

At 510, the token vault computer system 110 may re-encrypt the account information. For instance, the account information may be tokenized similarly to when the payment token was provisioned. The account information may be encrypted in order to securely send the account information to the merchant computer system 160 to complete the transaction. At 512, the encrypted account information is sent by the token vault computer system 110 to the network association computer system 130 as an indication that the transaction has been authorized by the token vault computer system 110. At 514, the network association computer system 130 delivers the encrypted account information to the merchant computer system 160. In an example embodiment, at least the merchant computer system 160 is provided with a key or rules for decrypting the encrypted account information in order to process the transaction. In other embodiments, the token vault computer system 110 may deliver the encrypted account information directly to the merchant computer system 160.

At 516, the token vault computer system 110 is configured to store any actions related to the payment token within the token history 124. The token vault computer system 110 may also update the payment token at the token repository 122, including to update the status of the payment token.

The present disclosure contemplates methods, systems and program products on any machine-readable media for accomplishing various operations. The embodiments of the present disclosure may be implemented using existing computer processors, or by a special purpose computer processor for an appropriate system, incorporated for this or another purpose, or by a hardwired system. Embodiments within the scope of the present disclosure include program products comprising machine-readable media for carrying or having machine-executable instructions or data structures stored thereon. Such machine-readable media can be any available media that can be accessed by a general purpose or special purpose computer or other machine with a processor. By way of example, such machine-readable media can comprise RAM, ROM, EPROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to carry or store desired program code in the form of machine-executable instructions or data structures and which can be accessed by a general purpose or special purpose computer or other machine with a processor. Combinations of the above are also included within the scope of machine-readable media. Machine-executable instructions include, for example, instructions and data which cause a general purpose computer, special purpose computer, or special purpose processing machines to perform a certain function or group of functions. Software implementations could be accomplished with standard programming techniques with rule based logic and other logic to accomplish the various connection steps, processing steps, comparison steps and decision steps.

While this specification contains many specific implementation details, these should not be construed as limitations on the scope of what may be claimed, but rather as descriptions of features specific to particular implementations. Certain features described in this specification in the context of separate implementations can also be implemented in combination in a single implementation. Conversely, various features described in the context of a single implementation can also be implemented in multiple implementations separately or in any suitable subcombination. Moreover, although features may be described above as acting in certain combinations and even initially claimed as such, one or more features from a claimed combination can in some cases be excised from the combination, and the claimed combination may be directed to a subcombination or variation of a subcombination.

Similarly, while operations are depicted in the drawings in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. In certain circumstances, multitasking and parallel processing may be advantageous. Moreover, the separation of various system components in the implementations described above should not be understood as requiring such separation in all implementations, and it should be understood that the described program components and systems can generally be integrated in a single software product or packaged into multiple software products embodied on tangible media.

Thus, particular implementations of the subject matter have been described. Other implementations are within the scope of the following claims. In some cases, the actions recited in the claims can be performed in a different order and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In certain implementations, multitasking and parallel processing may be advantageous.

The claims should not be read as limited to the described order or elements unless stated to that effect. It should be understood that various changes in form and detail may be made by one of ordinary skill in the art without departing from the spirit and scope of the appended claims. All implementations that come within the spirit and scope of the following claims and equivalents thereto are claimed. 

What is claimed is:
 1. A computer system, comprising: a token database configured to store payment tokens and user preferences associated with each payment token for usability of each payment token provided by corresponding account holders; and a server system comprising a processor and instructions stored in non-transitory machine-readable media, the instructions configured to cause the server system to: receive a request to provision a payment token based on a financial product, comprising: receiving information related to the financial product; receiving a first user preference related to a first set of specific data fields of an account holder that a first merchant is allowed to access upon presenting the payment token, wherein the first set of specific data fields includes personal identifying information; and receiving a second user preference related to a second set of specific data fields of the account holder that a second merchant is allowed to access upon presenting the payment token, wherein the second set of specific data fields includes personal identifying information, the second set of specific data fields being different from the first set of specific data fields; determine limited use restrictions to be placed on the payment token, wherein the limited use restrictions restrict use of the payment token to payment via a specific mobile wallet and restrict the first set of specific data fields and the second set of specific data fields corresponding to the first user preference and the second user preference, respectively, which the first merchant and the second merchant, respectively, are allowed to access; generate a limited use key based on at least some of the limited use restrictions to be placed on the payment token; associate the payment token with the limited use key; store the payment token and the limited use key in the token database; provision the payment token and the limited use key based on the token request, wherein the limited use key is separate from the payment token, and wherein the payment token is useable by both the first merchant and the second merchant to make a payment via the financial product when the payment is in compliance with the limited use key that is transmitted with the token; in response to being presented with the payment token and the limited use key for processing of the payment from the first merchant, verify that the first merchant is allowed to access a specific data field for processing of the payment; and in response to verifying that the first merchant is allowed to access the specific data field for processing of the payment, retrieving, from the token database, the specific data field and transmitting the specific data field to the first merchant.
 2. The computer system of claim 1, wherein the limited use key is derived from a master domain key associated with the financial product.
 3. The computer system of claim 1, wherein the limited use key establishes a threshold, and wherein satisfaction of the threshold renders the payment token unusable.
 4. The computer system of claim 3, wherein the threshold comprises a threshold time period, and wherein the stored instructions are further configured to cause the server system to invalidate the payment token upon expiration of the threshold time period.
 5. The computer system of claim 3, wherein the threshold comprises a threshold speed by which funds are transmitted, and wherein the stored instructions are further configured to cause the server system to invalidate the payment token upon violation of the threshold speed by which funds are transmitted.
 6. The computer system of claim 3, wherein the threshold comprises a threshold number of transactions, and wherein the stored instructions are further configured to cause the server system to invalidate the payment token upon occurrence of a number of transactions with the payment token that satisfies the threshold number of transactions.
 7. The computer system of claim 3, wherein the stored instructions are further configured to cause the server system to selectively refresh an expired limited use key.
 8. The computer system of claim 3, wherein the stored instructions are further configured to cause the server system to store one or more expiration thresholds in the token database.
 9. The computer system of claim 1, wherein the stored instructions are further configured to cause the server system to determine the limited use restrictions to be placed on the payment token based on the financial product or the account holder of the financial product.
 10. A method of managing payment token usage, the method comprising: receiving, by a token vault computer system, a request to provision a payment token based on a financial product, comprising: receiving, by the token vault computer system, information related to the financial product; receiving, by the token vault computer system, a first user preference related to a first set of specific data fields of an account holder that a first merchant is allowed to access upon presenting the payment token, wherein the first set of specific data fields includes personal identifying information; and receiving, by the token vault computer system, a second user preference related to a second set of specific data fields of the account holder that a second merchant is allowed to access upon presenting the payment token, wherein the second set of specific data fields includes personal identifying information, the second set of specific data fields being different from the first set of specific data fields; determining, by the token vault computer system, limited use restrictions to be placed on the payment token, wherein the limited use restrictions restrict use of the payment token to payment via a specific mobile wallet and restrict the first set of specific data fields and the second set of specific data fields corresponding to the first user preference and the second user preference, respectively, which the first merchant and the second merchant, respectively, are allowed to access; generating, by the token vault computer system, a limited use key based on at least some of the limited use restrictions to be placed on the payment token; associating, by the token vault computer system, the payment token with the limited use key; storing, by the token vault computer system, the payment token and the limited use key in a token database; provisioning, by the token vault computer system, the payment token and the limited use key based on the token request, wherein the limited use key is separate from the payment token, and wherein the payment token is useable by both the first merchant and the second merchant to make a payment via the financial product when the payment is in compliance with the limited use key that is transmitted with the token; in response to being presented with the payment token and the limited use key for processing of the payment from the first merchant, verifying that the first merchant is allowed to access the first set of specific data fields for processing of the payment; in response to verifying that the first merchant is allowed to access the first set of specific data fields for processing of the payment, retrieving, by the token vault computer system, from the token database, the first set of specific data fields and transmitting, by the token vault computer system, the first set of specific data fields to the first merchant; in response to being presented with the payment token and the limited use key for processing of the payment from the second merchant, verifying that the second merchant is allowed to access the second set of specific data fields for processing of the payment; and in response to verifying that the second merchant is allowed to access the second set of specific data fields for processing of the payment, retrieving, by the token vault computer system from the token database, the second set of specific data fields and transmitting, by the token vault computer system, the second set of specific data fields to the second merchant.
 11. The method of claim 10, wherein generating the limited use key comprises deriving the limited use key from a master domain key associated with the financial product.
 12. The method of claim 10, wherein the limited use key establishes a threshold, the method further comprising: monitoring, by the token vault computer system, a metric of the payment token associated with the threshold; and rendering, by the token vault computer system, the payment token unusable upon determining that the metric satisfies the threshold.
 13. The method of claim 12, wherein the threshold comprises a threshold time period, and wherein the method further comprises rendering the payment token unusable upon expiration of the threshold time period.
 14. The method of claim 12, wherein the threshold comprises a threshold speed by which funds are transmitted, and wherein the method further comprises rendering the payment token unusable upon violation of the threshold speed by which funds are transmitted.
 15. The method of claim 12, wherein the threshold comprises a threshold number of transactions, and wherein the method further comprises rendering the payment token unusable upon occurrence of a number of transactions with the payment token that meets or exceeds the threshold number of transactions.
 16. The method of claim 12, further comprising selectively refreshing the limited use key for the payment token after the payment token has been rendered unusable.
 17. The method of claim 12, further comprising storing one or more expiration thresholds in the token database.
 18. The method of claim 12, further comprising determining the limited use restrictions to be placed on the payment token based on the financial product or the account holder of the financial product.
 19. A non-transitory computer-readable media having computer-executable instructions embodied therein that, when executed by a processor of a computing system, cause the computing system to perform operations comprising: receiving a request to provision a payment token based on a financial product, comprising: receiving information related to the financial product; receiving a first user preference related to a first set of specific data fields of an account holder that a first merchant is allowed to access upon presenting the payment token, wherein the first set of specific data fields includes personal identifying information; and receiving a second user preference related to a second set of specific data fields of the account holder that a second merchant is allowed to access upon presenting the payment token, wherein the second set of specific data fields includes personal identifying information, the second set of specific data fields being different from the first set of specific data fields; determining limited use restrictions to be placed on the payment token, wherein the limited use restrictions restrict use of the payment token to payment via a specific mobile wallet and accessibility of the first set of specific data fields and the second set of specific data fields corresponding to the first user preference and the second user preference, respectively, which the first merchant and the second merchant, respectively, are allowed to access; generating a limited use key based on at least some of the limited use restrictions to be placed on the payment token; associating the payment token with the limited use key; storing the payment token and the limited use key in a token database; provisioning the payment token and the limited use key based on the token request, wherein the limited use key is separate from the payment token, and wherein the payment token is useable by both the first merchant and the second merchant to make a payment via the financial product when the payment is in compliance with the limited use key that is transmitted with the token; in response to being presented with the payment token and the limited use key for processing of the payment from the first merchant, verifying that the first merchant is allowed to access the first set of specific data fields for processing of the payment; in response to verifying that the first merchant is allowed to access the first set of specific data fields for processing of the payment, retrieving the first set of specific data fields and transmitting the first set of specific data fields to the first merchant; in response to being presented with the payment token and the limited use key for processing of the payment from the second merchant, verifying that the second merchant is allowed to access the second set of specific data fields for processing of the payment; and in response to verifying that the second merchant is allowed to access the second set of specific data fields for processing of the payment, retrieving the second set of specific data fields and transmitting the second set of specific data fields to the second merchant.
 20. The non-transitory computer-readable media of claim 19, wherein generating the limited use key comprises deriving the limited use key from a master domain key associated with the financial product, wherein the limited use key establishes a threshold, and wherein the computer-executable instructions, when executed by the processor of the computing system, cause the computing system to perform operations further comprising: monitoring a metric of the payment token associated with the threshold; and rendering the payment token unusable upon determining that the metric satisfies the threshold. 